diff --git a/src/gui/accountstate.cpp b/src/gui/accountstate.cpp index d1a0957791936..0cdd819da7055 100644 --- a/src/gui/accountstate.cpp +++ b/src/gui/accountstate.cpp @@ -317,8 +317,33 @@ void AccountState::checkConnectivity() // If we don't reset the ssl config a second CheckServerJob can produce a // ssl config that does not have a sensible certificate chain. +#if defined(Q_OS_WIN) + auto sslConfig = QSslConfiguration::defaultConfiguration(); + + for (const auto &storeName : std::vector{L"CA"}) { + auto systemStore = CertOpenSystemStore(0, storeName.data()); + if (systemStore) { + auto certificatePointer = PCCERT_CONTEXT{nullptr}; + while (true) { + certificatePointer = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, certificatePointer); + if (!certificatePointer) { + break; + } + const auto der = QByteArray{reinterpret_cast(certificatePointer->pbCertEncoded), + static_cast(certificatePointer->cbCertEncoded)}; + const auto cert = QSslCertificate{der, QSsl::Der}; + + qCDebug(lcAccountState()) << "found certificate" << cert.subjectDisplayName() << cert.issuerDisplayName() << "from store" << storeName; + + sslConfig.addCaCertificate(cert); + } + CertCloseStore(systemStore, 0); + } + } + + QSslConfiguration::setDefaultConfiguration(sslConfig); +#endif account()->setSslConfiguration(QSslConfiguration::defaultConfiguration()); - //#endif conValidator->checkServerAndAuth(); } } diff --git a/src/libsync/CMakeLists.txt b/src/libsync/CMakeLists.txt index 58d820a3412b1..24c0f45865039 100644 --- a/src/libsync/CMakeLists.txt +++ b/src/libsync/CMakeLists.txt @@ -12,6 +12,12 @@ if ( APPLE ) ) endif() +if (WIN32) + list(APPEND OS_SPECIFIC_LINK_LIBRARIES + Crypt32 + ) +endif() + set(libsync_SRCS account.h account.cpp